path: root/lib
Age | Commit message | Author
2014-02-25 | Merge pull request #93 from d235j/darwinssl_ip_address_fix | nickzman
darwinssl: don't omit CN verification when an IP address is used
2014-02-24 | curl_schannel.c: Updated copyright years | Marc Hoersken
2014-02-24 | winssl: Enable hostname verification of IP address using SAN or CN | David Ryskalczyk
Original commit message was: Don't omit CN verification in SChannel when an IP address is used. Side-effect of this change: SChannel and CryptoAPI do not support the iPAddress subjectAltName according to RFC 2818. If present, SChannel will first compare the IP address to the dNSName subjectAltNames and then fall back to the most specific Common Name in the Subject field of the certificate. This means that after this change curl will not connect to SSL/TLS hosts as long as the IP address is not specified in the SAN or CN of the server certificate or the verifyhost option is disabled.
2014-02-23 | Don't omit CN verification in DarwinSSL when an IP address is used. | David Ryskalczyk
2014-02-22 | easy: Fixed a memory leak on OOM condition | Dan Fandrich
2014-02-19 | SFTP: skip reading the dir when NOBODY=1 | Daniel Stenberg
When asking for an SFTP directory with NOBODY set, no directory contents should be retrieved.
Bug: http://curl.haxx.se/mail/lib-2014-02/0155.html
2014-02-18 | axtls: comment the call ssl_read repeatedly loop | Dan Fandrich
2014-02-17 | http2: Support HTTP POST/PUT | Tatsuhiro Tsujikawa
This patch enables HTTP POST/PUT in HTTP2. We disabled Expect header field and chunked transfer encoding since HTTP2 forbids them. In HTTP1, Curl sends small upload data with request headers, but HTTP2 requires upload data must be in DATA frame separately. So we added some conditionals to achieve this.
2014-02-17 | multi: ignore sigpipe internally | Daniel Stenberg
When the multi API is used we must also ignore SIGPIPE signals when caused by things we do, like they can easily be generated by OpenSSL.
2014-02-17 | configure: Fix the --disable-crypto-auth option | Dan Fandrich
It now disables NTLM and GSS authentication methods, and produces compilable code when SSL is enabled.
2014-02-17 | ConnectionDone: default maxconnects to 4 x number of easy handles | Shao Shuchao
... as documented!
2014-02-16 | axtls: bump copyright year | Daniel Stenberg
2014-02-16 | axtls: call ssl_read repeatedly | Fabian Frank
Perform more work in between sleeps. This is to work around the fact that axtls does not expose any knowledge about when work needs to be performed. Depending on connection and how often perform is being called this can save ~25% of time on SSL handshakes (measured on 20ms latency connection calling perform roughly every 10ms).
2014-02-16 | ConnectionExists: re-use connections better | Daniel Stenberg
When allowing NTLM, the re-use connection logic was too focused on finding an existing NTLM connection to use and didn't properly allow re-use of other ones. This made the logic not re-use perfectly re-usable connections. Added test case 1418 and 1419 to verify.
Regression brought in 8ae35102c (curl 7.35.0)
Reported-by: Jeff King
Bug: http://thread.gmane.org/gmane.comp.version-control.git/242213
2014-02-16 | warnless: Updated copyright year for recent changes | Steve Holme
2014-02-16 | warnless: add wrapper function for read and write on Windows | Marc Hoersken
2014-02-14 | dict: fix memory leak in OOM exit path | Arvid Norberg
Bug: https://github.com/bagder/curl/pull/90
2014-02-13 | Curl_urldecode: don't allow NULL as receiver | Daniel Stenberg
For a function that returns a decoded version of a string, it seems really strange to allow a NULL pointer to get passed in which then prevents the decoded data from being returned! This functionality was not documented anywhere either. If anyone would use it that way, that memory would've been leaked.
Bug: https://github.com/bagder/curl/pull/90
Reported-by: Arvid Norberg
2014-02-13 | ConnectionExists: reusing possible HTTP+NTLM connections better | Daniel Stenberg
Make sure that the special NTLM magic we do is for HTTP+NTLM only since that's where the authenticated connection is a weird non-standard paradigm.
Regression brought in 8ae35102c (curl 7.35.0)
Bug: http://curl.haxx.se/mail/lib-2014-02/0100.html
Reported-by: Dan Fandrich
2014-02-13 | transfer: make Expect: 100-continue timeout configurable. | Tiit Pikma
Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable.
2014-02-12 | Fix compilation with make mingw32 | Thomas Braun
The source files from lib/vtls were generated in lib instead of lib/vtls.
Verified-by: Thomas Braun <thomas.braun@virtuell-zuhause.de>
2014-02-12 | chunked decoder: track overflows correctly | Daniel Stenberg
The code didn't properly check the return codes to detect overflows so it could trigger incorrectly. Like on mingw32.
Regression introduced in 345891edba (curl 7.35.0)
Bug: http://curl.haxx.se/mail/lib-2014-02/0097.html
Reported-by: LM
2014-02-11 | openssl: honor --[no-]alpn|npn command line switch | Fabian Frank
Disable ALPN or NPN if requested by the user.
2014-02-11 | gtls: honor --[no-]alpn command line switch | Fabian Frank
Disable ALPN if requested by the user.
2014-02-10 | NPN/ALPN: allow disabling via command line | Fabian Frank
When using --http2 one can now selectively disable NPN or ALPN with --no-alpn and --no-npn. For now honored with NSS only. TODO: honor this option with GnuTLS and OpenSSL
2014-02-10 | nss: use correct preprocessor macro | Fabian Frank
SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection, but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a preprocessor macro.
2014-02-09 | formdata: Must use Curl_safefree instead of free | Dan Fandrich
2014-02-08 | formdata: Fixed memory leak on OOM condition | Dan Fandrich
2014-02-07 | http2: updated README after NSS addition | Daniel Stenberg
Changed the support to a little matrix and added brief explanation of what ALPN and NPN are for.
2014-02-07 | nss: support pre-ALPN versions | Daniel Stenberg
2014-02-07 | nss: ALPN and NPN support | Fabian Frank
Add ALPN and NPN support for NSS. This allows cURL to negotiate HTTP/2.0 connections when built with NSS.
2014-02-07 | formpost: use semicolon in multipart/mixed | Daniel Stenberg
Not comma, which is an inconsistency and a mistake probably inherited from the examples section of RFC1867. This bug has been present since the day curl started to support multipart formposts, back in the 90s.
Reported-by: Rob Davies
Bug: http://curl.haxx.se/bug/view.cgi?id=1333
2014-02-06 | ssh: Fixed a NULL pointer dereference on OOM condition | Dan Fandrich
2014-02-06 | nss: Updated copyright year for recent edits | Steve Holme
2014-02-06 | 100-continue: fix timeout condition | Remi Gacogne
When using the multi socket interface, libcurl calls the curl_multi_timer_callback asking to be woken up after CURL_TIMEOUT_EXPECT_100 milliseconds. After the timeout has expired, calling curl_multi_socket_action with CURL_SOCKET_TIMEOUT as sockfd leads libcurl to check expired timeouts. When handling the 100-continue one, the following check in Curl_readwrite() fails if exactly CURL_TIMEOUT_EXPECT_100 milliseconds passed since the timeout has been set! It seems logical to consider that having waited for exactly CURL_TIMEOUT_EXPECT_100 ms is enough.
Bug: http://curl.haxx.se/bug/view.cgi?id=1334
2014-02-06 | nss: prefer highest available TLS version | Fabian Frank
Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3 if --tlsv1[.N] was not specified on the command line.
2014-02-06 | http2: spell fixed README and added version requirement | Daniel Stenberg
2014-02-05 | http2: minor update of the README | Daniel Stenberg
2014-02-05 | http2: rely on content-encoding header | Fabian Frank
A server might respond with a content-encoding header and a response that was encoded accordingly in HTTP-draft-09/2.0 mode, even if the client did not send an accept-encoding header earlier. The server might not send a content-encoding header if the identity encoding was used to encode the response. See: http://tools.ietf.org/html/draft-ietf-httpbis-http2-09#section-9.3
2014-02-04 | http2: enforce gzip auto-decompress | Daniel Stenberg
As this is mandated by the http2 spec draft-09
2014-02-04 | http2: handle incoming data larger than remaining buffer | Tatsuhiro Tsujikawa
2014-02-04 | http2: Check stream ID we are interested in | Tatsuhiro Tsujikawa
2014-02-04 | http2: store response header in temporary buffer | Tatsuhiro Tsujikawa
2014-02-04 | HTTP2: add layer between existing http and socket(TLS) layer | Tatsuhiro Tsujikawa
This patch chooses a different approach to integrate HTTP2 into the HTTP curl stack. The idea is that we insert an HTTP2 layer between the HTTP code and the socket(TLS) layer. When HTTP2 is initialized (either in NPN or Upgrade), we replace the Curl_recv/Curl_send callbacks with HTTP2's, but keep the original callbacks in the http_conn struct. When sending serialized data by nghttp2, we use the original Curl_send callback. Likewise, when reading data from the network, we use the original Curl_recv callback. In this way we can treat both TLS and non-TLS connections. With this patch, one can transfer contents from https://twitter.com and from the nghttp2 test server in plain HTTP as well. The code still has rough edges. The notable one is I could not figure out how to call nghttp2_session_send() when the underlying socket is writable.
2014-02-04 | gtls: add ALPN support | Fabian Frank
Add ALPN support when using GnuTLS >= 3.2.0. This allows libcurl to negotiate HTTP/2.0 for https connections when built with GnuTLS. See: http://www.gnutls.org/manual/gnutls.html#Application-Layer-Protocol-Negotiation-_0028ALPN_0029 http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
2014-02-03 | openssl: add ALPN support | Fabian Frank
Add ALPN support when using OpenSSL. This will offer ALPN and NPN to the server, who can respond with either one or none of the two. OpenSSL >= 1.0.2 is required, which means as of today obtaining a snapshot from ftp://ftp.openssl.org/snapshot/. See: http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 https://github.com/openssl/openssl/blob/ba168244a14bbd056e502d7daa04cae4aabe9d0d/ssl/ssl_lib.c#L1787
2014-01-31 | winssl: improved default SSL/TLS protocol selection | Marc Hoersken
For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2 if it is not explicitly enabled within grbitEnabledProtocols. More information can be found on MSDN: http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx
2014-01-31 | pipeline: Fixed a NULL pointer dereference on OOM | Dan Fandrich
2014-01-30 | ftp: fixed a memory leak on wildcard error path | Dan Fandrich
2014-01-30 | netrc: Fixed a memory leak in an OOM condition | Dan Fandrich